CN111209349B - Method and device for updating session time - Google Patents


Publication number
CN111209349B
Authority
CN
China
Prior art keywords
session
token
client
session token
server
Legal status
Active
Application number
CN201911366437.6A
Other languages
Chinese (zh)
Other versions
CN111209349A (en)
Inventor
管浩
张晋锋
刘瑞贤
李斌
沙超群
历军
Current Assignee
Dawning Information Industry Beijing Co Ltd
Original Assignee
Dawning Information Industry Beijing Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/28 Databases characterised by their database models, e.g. relational or object models
    • G06F16/282 Hierarchical databases, e.g. IMS, LDAP data stores or Lotus Notes

Abstract

The invention provides a method and a device for updating session time. The method comprises: intercepting a session request, wherein the session request carries a session token; and sending the session token to a server so that the server updates the session time corresponding to the session token. By intercepting the session request and sending the session token it carries to the server, so that the server can update the corresponding session time, the invention solves the problems caused by timeouts: logged-in users differing among a plurality of software systems, expiry of the single sign-on system's authentication, and repeated single sign-on authentication.

Description

Method and device for updating session time
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and apparatus for updating session time.
Background
Single sign-on (SSO) is a property that provides access control for many interrelated but independent software systems. A user who has this property obtains the access rights of all the systems with one login and does not need to log in to each system one by one. This functionality is typically implemented with the Lightweight Directory Access Protocol (LDAP), with user information stored in an LDAP database on a server. Similarly, single sign-off means that only a single action is required to terminate access rights to multiple systems. It is one of the more popular solutions for enterprise business integration.
A problem with providing access control to multiple interrelated, independent software systems through single sign-on is how to keep session time consistent among those systems, including the single sign-on system itself. Typically, each software system has its own session management function and can set its own session lifetime and expiration policy, so session times are inconsistent among the systems joined by single sign-on. One consequence is the following. The user enters a first software system and a second software system at the same time through single sign-on. The session timeout of each system is fixed (e.g. 30 minutes), and each session restarts its count after every access to a resource. If the user keeps using the first software system for longer than the fixed time without using the second, the user will find on returning to the second software system that its session has timed out, and must apply to the single sign-on system for authentication again. Another problem is that the duration of the single sign-on system's authentication session is fixed, and its timer cannot be reset according to the user's activity. If the single sign-on system sets the authentication session to 2 hours, and a user who entered the first software system through single sign-on accesses the second software system after 2 hours of use, the user must authenticate again at the single sign-on system, because its authentication session has expired, before the second software system can be accessed. The single-login property of single sign-on is lost.
For the problems in the related art, no effective solution has been proposed at present.
Disclosure of Invention
Aiming at the problems in the related art, the invention provides a method and a device for updating session time.
The technical scheme of the invention is realized as follows:
According to one aspect of the present invention, a method of updating session time is provided. The method comprises: intercepting a session request, wherein the session request carries a session token; and sending the session token to the server so that the server updates the session time corresponding to the session token.
Optionally, the method further comprises: receiving user identification information sent by the server; judging whether a session corresponding to the user identification information exists locally; and, if the session does not exist locally, creating a new session corresponding to the user identification information.
According to another aspect of the present invention, a method of updating session time is provided. The method comprises: receiving a session token sent by a client, wherein the session token is obtained by the client intercepting a session request, and the session request carries the session token; verifying the session token; and updating the session time corresponding to the session token in the case that the session token passes the verification.
Optionally, the method further comprises: searching for user identification information corresponding to the session token; and sending the user identification information to the client so that the client creates a new session corresponding to the user identification information.
Optionally, the method further comprises: generating feedback information in the case that the session token does not pass the verification, wherein the feedback information is used for feeding back that the session token is invalid; and sending the feedback information to the client so that the client can delete the session corresponding to the session token.
According to another aspect of the present invention, there is provided an apparatus for updating a session time. The device comprises: the interception module is used for intercepting a session request, wherein the session request carries a session token; and the first sending module is used for sending the session token to the server so that the server can update the session time corresponding to the session token according to the session token.
Optionally, the apparatus further comprises: the first receiving module is used for receiving the user identification information sent by the server; the judging module is used for judging whether a session corresponding to the user identification information exists locally or not; and the creation module is used for creating a new session corresponding to the user identification information if the session does not exist locally.
According to another aspect of the present invention, there is provided an apparatus for updating a session time. The device comprises: the second receiving module is used for receiving a session token sent by the client, wherein the session token is obtained by intercepting a session request by the client, and the session request carries the session token; the verification module is used for verifying the session token; and the updating module is used for updating the session time corresponding to the session token under the condition that the session token passes the verification.
Optionally, the apparatus further comprises: the searching module is used for searching the user identification information corresponding to the session token; and the second sending module is used for sending the user identification information to the client so that the client can create a new session corresponding to the user identification information.
Optionally, the apparatus further comprises: the generation module is used for generating feedback information under the condition that the session token does not pass verification, wherein the feedback information is used for feeding back that the session token is invalid; and the second sending module is used for sending the feedback information to the client so that the client can delete the session corresponding to the session token.
According to the invention, the session request is intercepted and the session token carried in the session request is sent to the server, so that the server can update the session time corresponding to the session token. This solves the problems caused by timeouts: logged-in users differing among a plurality of software systems, expiry of the single sign-on system's authentication, and repeated single sign-on authentication.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for updating session time provided by the present invention;
FIG. 2 is a flow chart of a method for updating session time provided by the present invention;
FIG. 3 is a block diagram of an apparatus for updating session time provided by the present invention;
FIG. 4 is a block diagram of another apparatus for updating session time provided by the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which are derived by a person skilled in the art based on the embodiments of the invention, fall within the scope of protection of the invention.
The prior art also includes a Session sharing method for implementing single sign-on: the software systems that use single sign-on share one Session, so that the user's session time stays consistent.
However, the prior art has at least the following problems:
Setting a longer session time: a long lifetime is set for both the authentication session of the single sign-on system and the user sessions of the software systems that use single sign-on. This yields a pseudo-infinite session that outlasts the working time of most users, so that inconsistent session times do not have to be handled.
Session sharing: the same Session is configured for multiple software systems, which access it through the same Session Id shared in the Cookie (data stored on the user's local terminal). Sharing makes the Session difficult to handle: conflicts within the Session and its security cannot be guaranteed among the software systems, the Session grows as software systems are added and degrades system performance, and sharing one Session Id in the Cookie increases the risk to the system.
Thus, according to an embodiment of the present invention, a method of updating session time is provided.
Referring now to fig. 1, fig. 1 is a flow chart illustrating a method for updating session time according to the present invention. The method as described in fig. 1 comprises:
step S110, intercepting a session request, wherein the session request carries a session token.
Step S120, the session token is sent to the server, so that the server can update the session time corresponding to the session token according to the session token.
Therefore, the invention intercepts the session request and sends the session token carried in the session request to the server, so that the server can update the session time corresponding to the session token. This solves the problems caused by timeouts: logged-in users differing among a plurality of software systems, expiry of the single sign-on system's authentication, and repeated single sign-on authentication.
In order to facilitate an understanding of the present invention, a description will be given below by way of specific examples.
The session management system of the present invention includes two parts, a client (or session management client) and a server (or session management server). The client can be deployed, in the form of an interceptor, in each software system that accesses single sign-on, and is responsible for services such as intercepting the session token, establishing a new local session, initiating token verification, and requesting a reset of the session lifetime; the server is responsible for services such as verifying session tokens and resetting the session lifetime.
In addition, the session token in the session management system can reuse the temporary token generated by single sign-on system authentication, which minimizes the impact on the client and the server in the single sign-on system and gives the best compatibility.
In addition, the invention provides a session management service for the plurality of software systems in the single sign-on system: the software systems manage their own session time, and destroy and create sessions, in the session management center.
The session life cycle is shared among the software systems, which achieves complete session time consistency: while the session of one software system has not expired, the sessions of the other software systems have not expired either; once the session of one software system expires, the sessions of the others expire as well.
The method for updating the session time comprises the following specific processes:
When the user completes authentication at the single sign-on system, the single sign-on system generates a session Token for the user and stores it in the Cookie; specifically, the session Token may be stored under a secondary domain name (e.g., example.com).
Here the secondary domain name is the domain name under the top-level domain name in the levels of the Internet DNS (Domain Name System), i.e. the secondary domain name is the penultimate part of the domain name, e.g. in the domain name example.
A Cookie is data that a website stores on the user's local terminal to identify the user and perform Session tracking.
Token means a (temporary) token in computer authentication.
In addition, when a user accesses a software system (e.g., a.example.com, etc.) among a plurality of software systems, the software system can acquire a session Token stored under a secondary domain name (e.g., example.com, etc.) in a Cookie to operate.
In addition, when the session Token is not present in the client, the user is considered to have not performed login authentication in the single sign-on system. If the session Token exists in the client, the client sends the session Token to the server.
And the server verifies the received session Token. In the case that the session Token passes the verification, it is determined that the session Token is in the validity period, and the server updates the session time (or the lifetime of the session) corresponding to the session Token, for example, the server may reset the session time of the session Token. And after the updating of the session time is completed, the server can search the user identification information corresponding to the session token and send the user identification information to the client.
And after the client acquires the identification information of the login user, judging whether the user has a local session, if so, releasing the request of the user, if not, creating a new local session for the user, and then releasing the request of the user.
Further, in the event that the session token does not pass verification, the server may generate feedback information, wherein the feedback information is used for feeding back that the session token is invalid. The server sends the feedback information to the client, and the client can search for the session corresponding to the session token based on the feedback information. If the session is found, the client deletes it; if not, prompt information can be displayed to guide the client to complete single sign-on authentication.
In addition, when a user needs to destroy a session, a request for destroying the session is initiated to the server, and Token in the Cookie and the local session of the user in the software system are destroyed at the same time.
Therefore, the invention makes session time consistent among the software systems using single sign-on while each software system still manages its own sessions independently. It solves the problems caused by timeouts (logged-in users differing among the software systems, expiry of the single sign-on system's authentication, and repeated single sign-on authentication), and truly achieves, across the software systems and the single sign-on system: log in at one place, logged in everywhere; log out at one place, logged out everywhere; expire at one place, expired everywhere.
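The client/server exchange described above, modelled in Python as an added example (not code from the patent). The cookie name `sso_token`, all class and function names, the in-memory stores, the constructed clock and the optional `absolute_cap` hard limit are assumptions; the patent itself describes only a lifetime that is reset on each verified request.

```python
import hashlib
import secrets


class FakeClock:
    """Constructed clock so the example is deterministic."""
    now = 0.0

    def __call__(self):
        return self.now


def digest(token):
    return hashlib.sha256(token.encode()).hexdigest()  # raw tokens are never stored


class SessionServer:
    """Session management server: verifies tokens, resets the shared lifetime."""

    def __init__(self, clock, idle_ttl=1800, absolute_cap=None):
        self.clock = clock
        self.idle_ttl = idle_ttl          # lifetime granted on each verified request
        self.absolute_cap = absolute_cap  # assumption: hard limit, not in the patent
        self._records = {}                # digest -> {"user", "issued", "expires"}

    def issue(self, user_id):             # stand-in for the SSO system's login step
        token = secrets.token_urlsafe(32)
        now = self.clock()
        self._records[digest(token)] = {
            "user": user_id, "issued": now, "expires": now + self.idle_ttl}
        return token

    def touch(self, token):
        """Verify the token; if valid, reset its lifetime and return the user."""
        key, now = digest(token), self.clock()
        rec = self._records.get(key)
        if rec is None or now >= rec["expires"]:
            self._records.pop(key, None)
            return {"valid": False}       # the patent's "feedback information"
        expires = now + self.idle_ttl
        if self.absolute_cap is not None:
            expires = min(expires, rec["issued"] + self.absolute_cap)
        rec["expires"] = expires
        return {"valid": True, "user": rec["user"]}

    def destroy(self, token):
        self._records.pop(digest(token), None)


class Interceptor:
    """Session management client deployed in one software system."""
    COOKIE = "sso_token"                  # hypothetical cookie name

    def __init__(self, server):
        self.server = server
        self.local_sessions = {}          # user id -> local session data
        self._token_user = {}             # digest -> user id, used for invalidation

    def handle(self, cookies):
        """Intercept one request; return the user id if it may proceed, else None."""
        token = cookies.get(self.COOKIE)
        if not token:
            return None                   # user has not authenticated at the SSO system
        reply = self.server.touch(token)
        if not reply["valid"]:
            self._drop(token)             # delete the session tied to the dead token
            return None
        user = reply["user"]
        self._token_user[digest(token)] = user
        self.local_sessions.setdefault(user, {})   # create only if absent
        return user

    def logout(self, cookies):
        """Destroy the server record, the cookie token and the local session."""
        token = cookies.pop(self.COOKIE, None)
        if token:
            self.server.destroy(token)
            self._drop(token)

    def _drop(self, token):
        user = self._token_user.pop(digest(token), None)
        if user is not None:
            self.local_sessions.pop(user, None)


def demo():
    """The user works only in system A for an hour, then switches to system B."""
    clock = FakeClock()
    server = SessionServer(clock, idle_ttl=1800)
    sys_a, sys_b = Interceptor(server), Interceptor(server)
    cookies = {Interceptor.COOKIE: server.issue("alice")}
    sys_a.handle(cookies)
    sys_b.handle(cookies)
    for _ in range(3):                    # 3 x 20 minutes of activity in A only
        clock.now += 1200
        sys_a.handle(cookies)
    b_after_hour = sys_b.handle(cookies)  # still valid: the lifetime is shared
    clock.now += 1800                     # 30 minutes with no request anywhere
    b_after_idle = sys_b.handle(cookies)  # expired for every system at once
    return b_after_hour, b_after_idle, dict(sys_b.local_sessions)
```

With `absolute_cap=None` the server behaves as the text describes, so a token that keeps being presented never expires; setting the cap bounds how long a copied token can be kept alive by periodic requests.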
According to the embodiment of the invention, a method for updating the session time is also provided.
As shown in fig. 2, fig. 2 is a flowchart of a method for updating session time according to the present invention. The method of fig. 2 comprises:
step S210, receiving a session token sent by a client, wherein the session token is obtained by intercepting a session request by the client, and the session request carries the session token;
step S220, verifying the session token;
in step S230, when the session token passes the authentication, the session time corresponding to the session token is updated.
Optionally, the method further comprises: searching user identification information corresponding to the session token; the user identification information is sent to the client so that the client creates a new session corresponding to the user identification information.
Optionally, the method further comprises: generating feedback information in the case that the session token does not pass the verification, wherein the feedback information is used for feeding back that the session token is invalid; and sending the feedback information to the client so that the client can delete the session corresponding to the session token.
The embodiment of the invention also provides a device for updating the session time.
As shown in fig. 3, fig. 3 is a block diagram of an apparatus for updating session time according to the present invention. The apparatus as shown in fig. 3 includes:
an interception module 310, configured to intercept a session request, where the session request carries a session token;
the first sending module 320 is configured to send the session token to the server, so that the server updates the session time corresponding to the session token according to the session token.
Optionally, the apparatus further comprises: a first receiving module (not shown) for receiving user identification information transmitted from the server; a judging module (not shown) for judging whether a session corresponding to the user identification information exists locally; a creation module (not shown) for creating a new session corresponding to the user identification information if there is no session locally.
According to the embodiment of the invention, another device for updating the session time is also provided.
As shown in fig. 4, fig. 4 is a block diagram of another apparatus for updating session time according to the present invention. The apparatus as shown in fig. 4 includes:
a second receiving module 410, configured to receive a session token sent by a client, where the session token is obtained by the client intercepting a session request, and the session request carries the session token; a verification module 420, configured to verify the session token; and the updating module 430 is configured to update a session time corresponding to the session token when the session token passes the verification.
Optionally, the apparatus further comprises: a search module (not shown) for searching for user identification information corresponding to the session token; and a second transmitting module (not shown) for transmitting the user identification information to the client so that the client creates a new session corresponding to the user identification information.
Optionally, the apparatus further comprises: a generation module (not shown) for generating feedback information in case the session token is not validated, wherein the feedback information is used to feed back that the session token is invalid; and the second sending module is also used for sending the feedback information to the client so that the client can delete the session corresponding to the session token.
In summary, by means of the above technical solution, the invention intercepts a session request and sends the session token carried in the session request to a server, so that the server updates the session time corresponding to the session token, thereby solving the problems caused by timeouts: logged-in users differing among a plurality of software systems, expiry of the single sign-on system's authentication, and repeated single sign-on authentication.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the invention.

Claims (10)

1. A method for updating session time, comprising:
intercepting a session request, wherein the session request carries a session token;
sending the session token to a server so that the server can update the session time corresponding to the session token according to the session token,
the client is deployed in a plurality of software systems accessing single sign-on, intercepts the session request and sends the session token to the server, and initiates a request for resetting the session lifetime, wherein the server is responsible for resetting the session lifetime, and the session lifetime is shared among the plurality of software systems.
2. The method according to claim 1, wherein the method further comprises:
receiving user identification information sent by the server;
judging whether a session corresponding to the user identification information exists locally;
if the session does not exist locally, a new session corresponding to the user identification information is created.
3. A method for updating session time, comprising:
receiving a session token sent by a client, wherein the session token is obtained by intercepting a session request by the client, and the session request carries the session token;
verifying the session token;
in the event that the session token passes verification, updating a session time corresponding to the session token,
the client is deployed in a plurality of software systems accessing single sign-on, a server receives the session token sent by the client, and the client initiates a request for resetting session lifetime, and the server resets session lifetime, wherein session lifetime is shared among the plurality of software systems.
4. A method according to claim 3, characterized in that the method further comprises:
searching user identification information corresponding to the session token;
and sending the user identification information to the client so that the client creates a new session corresponding to the user identification information.
5. A method according to claim 3, characterized in that the method further comprises:
generating feedback information in the case that the session token is not verified, wherein the feedback information is used for feeding back that the session token is invalid;
and sending the feedback information to the client so that the client deletes the session corresponding to the session token.
6. An apparatus for updating session time, comprising:
the interception module is used for intercepting a session request, wherein the session request carries a session token;
a first sending module, configured to send the session token to a server, so that the server updates a session time corresponding to the session token according to the session token,
wherein the apparatus is deployed in a plurality of software systems accessing single sign-on, and the apparatus is further configured to initiate a request to reset a session lifetime, and the server is configured to reset the session lifetime, wherein a session lifetime is shared among the plurality of software systems.
7. The apparatus of claim 6, wherein the apparatus further comprises:
the first receiving module is used for receiving the user identification information sent by the server;
the judging module is used for judging whether a session corresponding to the user identification information exists locally or not;
and the creation module is used for creating a new session corresponding to the user identification information if the session does not exist locally.
8. An apparatus for updating session time, comprising:
the second receiving module is used for receiving a session token sent by a client, wherein the session token is obtained by intercepting a session request by the client, and the session request carries the session token;
the verification module is used for verifying the session token;
an updating module, configured to update a session time corresponding to the session token when the session token passes verification,
the client is deployed in a plurality of software systems accessing single sign-on, the client is used for initiating a request for resetting the session lifetime, and the device is also used for resetting the session lifetime, wherein the session lifetime is shared among the plurality of software systems.
9. The apparatus of claim 8, wherein the apparatus further comprises:
the searching module is used for searching the user identification information corresponding to the session token;
and the second sending module is used for sending the user identification information to the client so that the client can create a new session corresponding to the user identification information.
10. The apparatus of claim 8, wherein the apparatus further comprises:
the generation module is used for generating feedback information in the case that the session token does not pass verification, wherein the feedback information is used for feeding back that the session token is invalid;
and the second sending module is used for sending the feedback information to the client so that the client can delete the session corresponding to the session token.
CN201911366437.6A 2019-12-26 2019-12-26 Method and device for updating session time Active CN111209349B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911366437.6A CN111209349B (en) 2019-12-26 2019-12-26 Method and device for updating session time

Publications (2)

Publication Number Publication Date
CN111209349A CN111209349A (en) 2020-05-29
CN111209349B true CN111209349B (en) 2023-07-04

Family

ID=70788370

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant